Health Insurance Portability and Accountability Act of 1996

HIPAA is the acronym for the Health Insurance Portability and Accountability Act. This Act, passed by Congress in 1996, established a framework for the changing health information system. The United States Department of Health and Human Services (HHS) has established several different sets of regulations to implement the mandates of the Act. These regulations include:

Standards for Electronic Transactions, also known as the Transactions and Code Sets

Standards for Privacy of Individually Identifiable Health Information, also known as the Privacy Standards

Security Standards for the Protection of Electronic Protected Health Information, also known as the Security Standards

Standard Unique Health Identifier for Health Care Providers, also known as the National Provider Identifier

Standard Unique Employer Identifier, also known as the National Employer Identifier

While these regulations affect every consumer of health care services, only a “covered entity,” as defined by the regulations, must comply with the standards.

The Missouri Department of Health and Senior Services is a “hybrid covered entity.” The Department reviewed the regulations and determined that only a few specific bureaus and units satisfy the definition of “covered entity.” The Department has developed and implemented compliance components for these areas. In addition to the confidentiality provisions required by HIPAA, the Department continues to comply with all applicable state and federal laws addressing the confidentiality of health information.

While maintaining compliance with the Privacy Regulations, the Department continues to provide public health services efficiently and effectively to all Missourians.